NIST has released a draft standard for stateful hash-based digital signature schemes, which could be used to protect government systems against attacks by quantum computers. The draft, NIST SP 800-208, proposes two specific schemes: XMSS and LMS, as defined in RFCs 8391 and 8554. These schemes are not suitable for general use because of their state management requirement: every one-time key in the signer's tree may be used exactly once, so the signer must track which keys are spent and durably update that record before each signature is released, and reusing a key (for example after restoring a private key from a backup) exposes it to forgery. They may nevertheless be appropriate for applications in which private key usage can be carefully controlled and which need post-quantum security before NIST's post-quantum standardization process completes.
The draft profiles LMS, XMSS, and their multi-tree variants (HSS and XMSS^MT), approving some but not all of the parameter sets defined in the RFCs. The approved parameter sets use SHA-256 or SHAKE256 with 192- or 256-bit outputs. The draft also requires that key generation and signing take place in a hardware cryptographic module from which secret keying material cannot be exported, so that the private key, and with it the signer's state, cannot be copied. The public comment period for the draft ends on February 28, 2020.
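As an added illustration (not code from NIST SP 800-208, RFC 8391 or RFC 8554, and using a toy Lamport one-time signature under a small Merkle tree instead of the LM-OTS/WOTS+ construction those documents specify), the following Python models a stateful signer and shows what the state requirement protects. One signature per leaf is safe, but restoring a backup that rewinds the leaf index lets an attacker who merely observes the resulting signatures forge a signature on a message of their choosing. The scenario, messages and all function names are this example's own constructions.

```python
"""Toy stateful hash-based signature: Lamport one-time keys under a Merkle tree.
Example code for illustration only; the reuse hazard it shows is what the state
requirement in SP 800-208 exists to prevent."""
import copy
import hashlib
import os

N = 256  # bits per message digest; one Lamport key pair signs exactly one digest


def H(data):
    return hashlib.sha256(data).digest()


def lamport_keygen():
    # sk[i][b] is revealed by any signature whose digest has bit i equal to b
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(N)]
    pk = [[H(s0), H(s1)] for s0, s1 in sk]
    return sk, pk


def digest_bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]


def leaf(pk):
    return H(b"".join(p0 + p1 for p0, p1 in pk))


def parent_layer(layer):
    return [H(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]


def merkle_root(leaves):
    while len(leaves) > 1:
        leaves = parent_layer(leaves)
    return leaves[0]


def auth_path(leaves, idx):
    path = []
    while len(leaves) > 1:
        path.append(leaves[idx ^ 1])  # sibling of the current node
        idx //= 2
        leaves = parent_layer(leaves)
    return path


class StatefulSigner:
    """A tree of one-time keys plus the index of the next unused leaf (the state)."""

    def __init__(self, height=2):
        self.keys = [lamport_keygen() for _ in range(2 ** height)]
        self.leaves = [leaf(pk) for _, pk in self.keys]
        self.root = merkle_root(self.leaves)  # the long-term public key
        self.next_idx = 0

    def sign(self, msg):
        if self.next_idx >= len(self.keys):
            raise RuntimeError("all one-time keys used; generate a new tree")
        idx = self.next_idx
        # A real signer must commit the new index to non-volatile storage before
        # the signature leaves the module; here the state lives only in memory.
        self.next_idx += 1
        sk, pk = self.keys[idx]
        ots = [sk[i][b] for i, b in enumerate(digest_bits(msg))]
        return idx, ots, pk, auth_path(self.leaves, idx)


def verify(root, msg, sig):
    idx, ots, pk, path = sig
    if any(H(ots[i]) != pk[i][b] for i, b in enumerate(digest_bits(msg))):
        return False
    node = leaf(pk)
    for sibling in path:
        node = H(node + sibling) if idx % 2 == 0 else H(sibling + node)
        idx //= 2
    return node == root


def forge(leaked, target):
    """Attacker side: combine signatures that reused one leaf into a signature on
    `target`. Uses only the signatures themselves; returns None while some
    preimage the target digest needs is still unrevealed."""
    idx, _, pk, path = leaked[0]
    revealed = [{} for _ in range(N)]
    for _, ots, _, _ in leaked:
        for i, s in enumerate(ots):
            revealed[i][pk[i].index(H(s))] = s  # which of the two slots s opens
    try:
        ots = [revealed[i][b] for i, b in enumerate(digest_bits(target))]
    except KeyError:
        return None
    return idx, ots, pk, path


def demo(max_reuses=64):
    signer = StatefulSigner(height=2)
    # Constructed scenario: the private key is backed up before any use, then the
    # backup is restored repeatedly (e.g. a VM snapshot rolled back after signing).
    backup = copy.deepcopy(signer)
    target = b"constructed target message the signer never signed"
    leaked, forged = [], None
    while forged is None and len(leaked) < max_reuses:
        restored = copy.deepcopy(backup)  # next_idx is back at 0: leaf 0 is reused
        leaked.append(restored.sign(b"honest message %d" % len(leaked)))
        forged = forge(leaked, target)
    return {"root": signer.root, "target": target, "leaked": leaked,
            "forged": forged, "reuses": len(leaked)}


if __name__ == "__main__":
    r = demo()
    print("forged signature verifies:", verify(r["root"], r["target"], r["forged"]))
    print("leaf reuses the attacker needed:", r["reuses"])
```

Each reuse reveals, for every digest position, the preimage for one of the two slots; once both slots are revealed at every position (typically after a dozen or so reuses here), any message can be signed with that leaf, and the forgery verifies against the genuine root. Nothing in the verifier can detect this, which is why the draft pushes the state, and the key it belongs to, into a module that cannot be cloned rather than relying on operators never to restore a backup.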
Keywords: post-quantum, signature, cryptographic, secure, standardization